[pkgsrc/trunk]: pkgsrc/multimedia/ffmpeg Add patch from ffmpeg GIT repository...

[tron <tron%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/0166ac53d47a
branches:  trunk
changeset: 565545:0166ac53d47a
user:      tron <tron%pkgsrc.org@localhost>
date:      Fri Sep 25 11:10:21 2009 +0000

description:
Add patch from ffmpeg GIT repository to fix the vulnerability
reported in SA36760.

diffstat:

 multimedia/ffmpeg/Makefile         |   4 ++--
 multimedia/ffmpeg/distinfo         |   3 ++-
 multimedia/ffmpeg/patches/patch-ab |  18 ++++++++++++++++++
 3 files changed, 22 insertions(+), 3 deletions(-)

diffs (49 lines):

diff -r 0a34c7e38d4f -r 0166ac53d47a multimedia/ffmpeg/Makefile
--- a/multimedia/ffmpeg/Makefile        Fri Sep 25 11:06:00 2009 +0000
+++ b/multimedia/ffmpeg/Makefile        Fri Sep 25 11:10:21 2009 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.53 2009/09/20 08:13:21 ahoka Exp $
+# $NetBSD: Makefile,v 1.54 2009/09/25 11:10:21 tron Exp $
 
-PKGREVISION=   3
+PKGREVISION=   4
 
 MAINTAINER=    ahoka%NetBSD.org@localhost
 HOMEPAGE=      http://ffmpeg.mplayerhq.hu/
diff -r 0a34c7e38d4f -r 0166ac53d47a multimedia/ffmpeg/distinfo
--- a/multimedia/ffmpeg/distinfo        Fri Sep 25 11:06:00 2009 +0000
+++ b/multimedia/ffmpeg/distinfo        Fri Sep 25 11:10:21 2009 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.30 2009/09/22 16:46:50 ahoka Exp $
+$NetBSD: distinfo,v 1.31 2009/09/25 11:10:21 tron Exp $
 
 SHA1 (ffmpeg-20090611.tar.bz2) = 04e67497f70c64b7a26534d4b67e3a46cdb4b219
 RMD160 (ffmpeg-20090611.tar.bz2) = 447a72cd1a416f926100c61299d9012535909d9a
 Size (ffmpeg-20090611.tar.bz2) = 2799194 bytes
 SHA1 (patch-aa) = e40f61850fe5c85bdd4b659802601dfacfe73ad1
+SHA1 (patch-ab) = 1c1da33f47be51f75635a9667b0d7d8052945ba7
 SHA1 (patch-bktr) = fb57a4f5dc0d372eb3f40dac5b05ea7d1da45d7b
 SHA1 (patch-configure) = ec0ae3c27026b45d380ecea04ff22518bf652ec0
 SHA1 (patch-powerpc) = 0eaf8d81164e1488fdb436d50909d0a633439e6a
diff -r 0a34c7e38d4f -r 0166ac53d47a multimedia/ffmpeg/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/ffmpeg/patches/patch-ab        Fri Sep 25 11:10:21 2009 +0000
@@ -0,0 +1,18 @@
+$NetBSD: patch-ab,v 1.6 2009/09/25 11:10:21 tron Exp $
+
+Patch for the vulnerability reported in SA36760, taken from here:
+
+http://git.ffmpeg.org/?p=ffmpeg;a=commit;h=ebbccbaa5e925c2ddb212559f82c29ef526cc17e
+http://git.ffmpeg.org/?p=ffmpeg;a=commit;h=7798d31bee361724e0a6ede4e2fd67228f24040b
+
+--- libavformat/sierravmd.c.orig       2009-02-16 14:45:05.000000000 +0000
++++ libavformat/sierravmd.c    2009-09-25 11:49:56.000000000 +0100
+@@ -154,7 +154,7 @@
+     vmd->frame_table = NULL;
+     sound_buffers = AV_RL16(&vmd->vmd_header[808]);
+     raw_frame_table_size = vmd->frame_count * 6;
+-    if(vmd->frame_count * vmd->frames_per_block  >= UINT_MAX / sizeof(vmd_frame)){
++    if(vmd->frame_count * vmd->frames_per_block >= UINT_MAX / sizeof(vmd_frame) - sound_buffers){
+         av_log(s, AV_LOG_ERROR, "vmd->frame_count * vmd->frames_per_block too large\n");
+         return -1;
+     }